September 2, 2013 VM Evolution via API Parag Baxi, Technical Account Manager.


2 Vulnerability Management – Before
- Constant battle for IP Asset classification
- QualysGuard scan reports ed
- Global metrics unavailable on security posture
- No administrator credentials

3 Vulnerability Management – After
- IT Assets in sync
- Reduced VM lifecycle
- Visibility in near real-time
- Biweekly authenticated scanning against all sites
  - Users: Tuesday to Thursday, 10 AM - 4 PM
  - Non-users: Friday, 10 PM - Sunday 10 PM
- Metrics for senior management and IT staff

4 Impact
- Increased awareness of security needs
- QGIR (QualysGuard Integration with Reporting) began at Customer in the second half of
- Increased effectiveness of QualysGuard VM

5 API integration with Configuration Management Database (CMDB)
- Hierarchy model
- Challenge: Asset Management
  - Manual input
  - No visibility on IT assets
  - No visibility on ownership of assets
  - Resulted in creating CMDB in shared Google Spreadsheet
- Problem: How to synchronize QualysGuard’s asset groups with the CMDB Google Spreadsheet?

6 QualysGuard-CMDB Integration
- Calculate static IP ranges and update the Google Spreadsheet.
- Have necessary information to create Asset Groups in QualysGuard.
- Create/Update asset groups in QualysGuard via API.
- Update host tracking information via QualysGuard API.
- Create/Update schedules for DHCP & static ranges.
  - DHCP: Biweekly midweek from 10 AM to 4 PM.
  - Static: Biweekly on weekends.
- Issues:
  - No static IP ranges provided in CMDB Google Spreadsheet.
  - QualysGuard Asset Groups not in sync with Google Spreadsheet.

7 Remediation Workflow Automated Scan Reports Patch Report Remediation Policies Remediation Tickets API Custom Report Templates

8 Remediation Workflow Automated QGIR (QualysGuard Integration with Reporting)

9 Sample Reporting Issue

10 QGIR Workflow – Issue Vulnerabilities
- QualysGuard tickets are grouped by QID in Reporting. This enables easy patching. To further ease the administrative burden, we utilize the patch report to consolidate vulnerabilities.
- QGIR tracks metrics against all offices fairly. All participating offices are given the same time frame and opportunity to remediate vulnerabilities.
- Further rounds supersede existing tickets. All unresolved Reporting tickets from the previous round are marked incomplete, and the remaining vulnerabilities will be included in the new round.
- Create the tickets in Reporting, a JIRA ITIL-aligned implementation.
- With the patching tool’s ability to patch multiple hosts for the same vulnerability, it makes sense to group by QID.
- Store the vulnerabilities and associated Reporting tickets in a separate database to allow for proper verification.
- QualysGuard vulnerabilities of the same QID for the same office are assembled into a CSV containing pertinent information.

11 QGIR Verify Workflow
- QGIR verification will reopen all QGIR Reporting issues that still have vulnerable hosts.
- For example, let's say Site A had 2 QGIR tickets in Reporting, and each of those QGIR tickets had 10 vulnerable hosts. If one host in both QGIR tickets was not fixed for either vulnerability, then both tickets will be reopened.
- QGIR will verify that all hosts in each ticket that was marked resolved have, in fact, removed the vulnerability.
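The issue and verify steps on slides 10 and 11, sketched as an added example; this is not QGIR's own code. The function names, the in-memory `tracking` dict standing in for the separate database, the host names and the QID numbers are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict

def issue_round(detections):
    """Group (office, qid, host) detections into one ticket per office and QID."""
    grouped = defaultdict(set)
    for office, qid, host in detections:
        grouped[(office, qid)].add(host)
    tracking = {}  # stands in for the separate verification database
    for (office, qid), hosts in grouped.items():
        buf = io.StringIO()
        writer = csv.writer(buf, lineterminator="\n")
        writer.writerow(["office", "qid", "host"])
        writer.writerows([office, qid, h] for h in sorted(hosts))
        tracking[(office, qid)] = {"hosts": hosts, "csv": buf.getvalue(),
                                   "status": "open"}
    return tracking

def verify_round(tracking, rescan):
    """Reopen every resolved ticket that still has at least one vulnerable host."""
    still = defaultdict(set)
    for office, qid, host in rescan:
        still[(office, qid)].add(host)
    reopened = []
    for key, ticket in sorted(tracking.items()):
        if ticket["status"] != "resolved":
            continue
        remaining = ticket["hosts"] & still.get(key, set())
        if remaining:
            ticket["status"] = "reopened"
            ticket["remaining"] = sorted(remaining)
            reopened.append(key)
    return reopened

def demo():
    # Constructed data: Site A has two tickets with ten hosts each.
    hosts_a = [f"SITEA-{n:02d}" for n in range(1, 11)]
    first = [("Site A", q, h) for q in (100001, 100002) for h in hosts_a]
    first += [("Site B", 100001, "SITEB-01")]
    tracking = issue_round(first)
    for ticket in tracking.values():
        ticket["status"] = "resolved"  # offices mark everything fixed
    rescan = [("Site A", 100001, "SITEA-03"), ("Site A", 100002, "SITEA-03"),
              ("Site B", 100003, "SITEB-01")]  # different QID, different ticket
    return tracking, verify_round(tracking, rescan)

if __name__ == "__main__":
    print(demo()[1])
```
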

12 QGIR Verify Workflow – Attachments

13 QGIR Verify – Decommissioned Hosts
- QGIR verification will reopen all QGIR Reporting issues that still have vulnerable hosts. Therefore, all QualysGuard remediation tickets associated with decommissioned hosts must be removed.
- Note that the search by NetBIOS name is not an exact search. It will return remediation tickets containing the NetBIOS name. For example, a NetBIOS search of “USNYSMITHGE1” will also return tickets associated with the hostname “USNYSMITHGE11”. Remove these false positives by parsing the resulting XML file.
- QualysGuard will not report a very real, but previously discovered, vulnerability on a replacement host with the decommissioned IP/hostname. The ticket must be deleted.
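An added example of the false-positive filter described on slide 13; it is not the presenter's code. The XML below is constructed, and its element names (`TICKET`, `NUMBER`, `DETECTION/NBHNAME`) are assumptions about the ticket list layout that should be checked against the actual API output.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a ticket search result for "USNYSMITHGE1".
# Element names are assumed for illustration, not taken from the slides.
SAMPLE_XML = """<REMEDIATION_TICKETS>
  <TICKET_LIST>
    <TICKET><NUMBER>1001</NUMBER>
      <DETECTION><IP>10.0.0.5</IP><NBHNAME>USNYSMITHGE1</NBHNAME></DETECTION>
    </TICKET>
    <TICKET><NUMBER>1002</NUMBER>
      <DETECTION><IP>10.0.0.9</IP><NBHNAME>USNYSMITHGE11</NBHNAME></DETECTION>
    </TICKET>
    <TICKET><NUMBER>1003</NUMBER>
      <DETECTION><IP>10.0.0.5</IP><NBHNAME> usnysmithge1 </NBHNAME></DETECTION>
    </TICKET>
    <TICKET><NUMBER>1004</NUMBER>
      <DETECTION><IP>10.0.0.7</IP></DETECTION>
    </TICKET>
  </TICKET_LIST>
</REMEDIATION_TICKETS>"""

def tickets_for_host(xml_text, netbios_name):
    """Split search results into exact NetBIOS matches and false positives.

    NetBIOS names are compared case-insensitively after trimming whitespace.
    A ticket with no NetBIOS name is never treated as a match, so it cannot
    be deleted by mistake.
    """
    wanted = netbios_name.strip().upper()
    exact, rejected = [], []
    root = ET.fromstring(xml_text)
    for ticket in root.iter("TICKET"):
        number = ticket.findtext("NUMBER")
        name = (ticket.findtext("DETECTION/NBHNAME") or "").strip().upper()
        (exact if name and name == wanted else rejected).append(number)
    return exact, rejected

if __name__ == "__main__":
    to_delete, kept = tickets_for_host(SAMPLE_XML, "USNYSMITHGE1")
    print("delete:", to_delete, "keep:", kept)
```

Only the ticket numbers in the first list belong to the decommissioned host; the second list holds the substring matches and unnamed detections that must stay open.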

14 Parag Baxi, CISA, CISM, CISSP, CRISC, PMP
- Employee, Qualys
- Senior Security Engineer, Ogilvy & Mather
  - Architected ITIL-aligned worldwide VM QualysGuard implementation with heavy emphasis on automation, ROI and security best practices.
- Over 10 years of enterprise experience at UMDNJ, EDS, HP Enterprise Services (consultancy for The Federal Reserve Bank of New York), and Google.
- Advocate and active contributor of the Qualys community.
- Published open-source QualysGuard integration code.
- B.S. degree in Computer Science from Rutgers University.

Thank you!